Overview

overview

10

Static

static

8

千月1210.vmp.exe

windows7-x64

10

千月1210.vmp.exe

windows10-2004-x64

10

当当下�...om.url

windows7-x64

1

当当下�...om.url

windows10-2004-x64

1

百度导航.url

windows7-x64

1

百度导航.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1b611dfe4530c9f9c0e53326cc7fed96b1f2436a558fd9cd901327f79163d721

  • Size

    3.6MB

  • Sample

    221126-hdan8acg6v

  • MD5

    b5ed64b1ca44a9ec2df59f8c80bc2719

  • SHA1

    03f1f8319f33c1d80b07b11d13da66176bab9d3d

  • SHA256

    1b611dfe4530c9f9c0e53326cc7fed96b1f2436a558fd9cd901327f79163d721

  • SHA512

    e111fecc559fe4f23d0ffb300ac7ec13a524378b7fc3988454c317fd557abf3452597a396cc668bbb1cdd23929d44bfd481589b7ffde8d8f9104fa7f400b7a29

  • SSDEEP

    98304:V3oi+HkUsdtmd6OYwaB5ISbVxZvl2zepNDKP+6Q13:V3oxHkpmM/B5Hh4CN+Fc3

Score
10/10
blackmoonbankerbootkitpersistencetrojanvmprotect

Malware Config

Targets

    • Target

      千月1210.vmp.exe

    • Size

      3.7MB

    • MD5

      4e354d702744838b1d89838aaf4dc589

    • SHA1

      d6c1a22b81f8f35e2ddba551ac13ea39ac5b0666

    • SHA256

      6638ca5e79e54398cfb705e1f76e5e8ac86c0e097ad6717da5cb6b067f7a8e85

    • SHA512

      325ae3275df86d5bb1f40775c8e49882a9f65b10d0e6df6374172e832c2da660125938f5f96706c57da78537b51a6ba3df4ca5753c18edbf496e171bd1f05774

    • SSDEEP

      98304:v0/vvhTtozYBsRQBurNfBizdmAd7lamGxpVOjnHYg:kvheIsOmcmA5lamYKEg

    Score
    10/10
    blackmoonbankerbootkitpersistencetrojanvmprotect

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

    • Target

      当当下载站downdownz.com.url

    • Size

      80B

    • MD5

      9bb90031a712588bcb53186cd6fc59c5

    • SHA1

      2a270d35a402446c89c865028deb4e231623f17a

    • SHA256

      312203954c67edcda7232ef679efb52a75e8e5deebebb1a43c12b08b5b58b77c

    • SHA512

      4bb64e945b4ddfc5974d865280efa17251a7755284e6eebcc389bb5a33956ca534fa49dfec7026e092f171a8cf99515834f71f3921279dc11b0d85ea225b1596

    Score
    1/10
    behavioral3behavioral4

    • Target

      百度导航.url

    • Size

      96B

    • MD5

      95b7e3416b3c82798cec0561f38f57ca

    • SHA1

      198e84d1f6e09d36f41c891eea106535846957b4

    • SHA256

      7a4f1ca2bd8ee2308db1ba1dfa232d2d2a84f4ff937413fc58b69193fffd0363

    • SHA512

      50c819d0450a0cecee0e851c09ebe9c191e3470ead9b35cdb2bb3266d2659d7772bb36c5afdab71f419aeb415c2269e6c7153551dfb70cb75134d248b0ad2314

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks